Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7788

my_md5 crashes with openssl in fips mode

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.0(EOL)
    • 10.0.18
    • SSL

    Description

      When FIPS is enabled (/proc/sys/crypto/fips_enabled is 1), OpenSSL disabled MD5, so my_md5() — that uses OpenSSL — doesn't work. It causes numerous failures and crashes as md5 is used internally for various purposes (e.g. checksums of views, MD5() SQL function, etc).

      The fix is to tell OpenSSL that MariaDB needs MD5 even if FIPS disables it. This is fine as long as it's not used for cryptographic purposes.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-7695 MariaDB - ssl - fips: can not connect with --ssl-cipher=DHE-RSA-AES256-SHA - handshake failure

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-7794 MariaDB - mysql-test - fips: some ssl tests with cipher are failing

          • Major - Major loss of function.
          • Closed

          Activity

            People

              serg Sergei Golubchik
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.